Hopsule
Security

Trust starts with transparency

We don't store source code. Advisory-only enforcement. Encrypted at every layer. Organization-level isolation. Here's exactly how we protect your data.

Encrypted
Isolated
Transparent
Advisory-only
Foundation

Security by design, not afterthought

Every layer of Hopsule is built with security as a first-class concern - from encryption to access control.

End-to-End Encryption

All data is encrypted at rest with AES-256 and in transit with TLS 1.3. Your decisions, memories, and metadata never travel unprotected.

Data Packet
Plaintext
At rest
In transit

Zero Source Code Storage

Hopsule never stores your source code. We only persist structured decisions, memories, and project metadata - nothing else.

Import Scanner
src/index.ts
Excluded
package.json
Decision #42
Memory: Use pnpm
.env.local
Tag: frontend

Organization & Project Isolation

Every organization and project is fully isolated. Cross-tenant access is architecturally impossible - not just permission-gated.

Acme Corp
frontendapimobile
Globex Inc
dashboardauth

Advisory-Only Enforcement

Hopsule never blocks merges, pushes, or deployments. We surface warnings and suggestions - your team stays in full control.

Enterprise

Your keys, your database, your control

Enterprise customers can bring their own AI provider keys and connect their own database. Your data never leaves your infrastructure.

Bring your own AI keys

Connect your own OpenAI, Anthropic, or Google API keys. Hopsule never sees or stores your keys - they stay in your environment.

AI Provider

OpenAIAnthropicGoogle
sk-••••••••••••••••••••••••
  • Keys stay in your environment only
  • Full control over token consumption
  • Switch providers at any time

Bring your own database

On the Enterprise plan, connect your own PostgreSQL instance. Your data stays in your infrastructure - Hopsule only provides the schema and migrations.

PostgreSQL
Connected
postgresql://••••@your-host:5432/hopsule
  • Data stays in your own infrastructure
  • Hopsule provides schema & migrations
  • Meets data residency requirements
Compliance

Built for regulated environments

From data residency to audit logging - we meet the standards your security team expects.

Data Residency

EU and US hosting options for data locality requirements.

GDPR Ready

Data export, deletion on request, and DPA agreements available.

Audit Logging

Every operation is logged with timestamps, actors, and context.

Role-Based Access

Owner, Admin, Member, and Viewer roles with granular permissions.

SOC 2 Type II

Roadmap

In progress - we believe in transparency over empty badges.

Vulnerability Disclosure

Responsible disclosure program. Report issues at security@hopsule.com.

Hopsule

The persistent memory layer for AI-assisted development. Stop re-explaining your project.

Get Early AccessRead the Docs